Thread: [SOLVED] Malware infection - HijackThis Log Help
View Single Post
Old 10-09-2007, 10:58 PM   #2 (permalink)
acareus
Registered User
 
acareus's Avatar
 
Join Date: Sep 2007
Location: Australia
Posts: 19
OS: Windows XP


Re: Malware infection - HijackThis Log Help
it didn’t let me fit it all in 1 post ;___;

and here is the Deckard's System Scanner Log


Deckard's System Scanner v20070905.67
Run by HP_Owner on 2007-10-10 09:14:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
43: 2007-10-09 23:14:54 UTC - RP477 - Deckard's System Scanner Restore Point
42: 2007-10-08 09:00:33 UTC - RP476 - Installed J2SE Runtime Environment 5.0 Update 7
41: 2007-10-08 08:52:10 UTC - RP475 - System Checkpoint
40: 2007-10-03 01:04:49 UTC - RP474 - Installed VeohTV BETA
39: 2007-10-01 06:13:03 UTC - RP473 - Removed Windows Live Messenger


-- First Restore Point --
1: 2007-06-28 02:35:57 UTC - RP435 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-10 09:20:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\M9TU3YPO\dss[1].exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\Program Files\SearchRelevant\SearchRelevant.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {D9E06A41-2A46-4653-9692-BE26EFE2A018} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKEY_LOCAL_MACHINE\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'C:\Program Files\NewDotNet\newdotnet6_84.dll' missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} () - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0829F78C-862D-4800-B662-5EB5D78AFA2E}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C8A1C72-475B-4805-8D3D-33AA3655D228}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E6A052C-7CC3-4ECF-B713-BAA59A85CDB8}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{711F03FC-DD7F-4D96-A7EE-8A4F2020D8A9}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3D80698-AD60-464C-A53E-8E2AAB909D51}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe


-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
S3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-10 07:38:27 370 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-09-03 21:54:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-10 and 2007-10-10 -----------------------------

2007-10-10 09:02:27 0 d-------- C:\Program Files\SpywareBlaster
2007-10-10 07:32:36 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 07:32:34 0 d-------- C:\WINDOWS\LastGood
2007-10-10 07:16:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-03 12:33:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\DivX
2007-10-03 11:05:53 0 d-------- C:\Program Files\Veoh Networks
2007-10-02 18:19:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\.Torrent Swapper
2007-10-02 18:18:53 0 d-------- C:\Program Files\Swapper
2007-09-29 11:29:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2007-09-29 02:07:52 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-29 02:05:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-09-29 02:05:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-29 02:05:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-29 02:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-29 02:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-29 02:05:40 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-29 02:05:08 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-10-10 09:14:11 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-10-10 08:47:27 0 d-------- C:\Program Files\SearchRelevant
2007-10-10 08:46:56 0 d-------- C:\Program Files\QuickTime
2007-10-10 08:46:33 0 d-------- C:\Program Files\Norton Personal Firewall
2007-10-10 08:44:03 0 d-------- C:\Program Files\iTunes
2007-10-10 08:32:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-10 08:31:40 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-10-10 07:08:25 0 d-------- C:\Program Files\Common Files
2007-10-08 19:05:52 0 d-------- C:\Program Files\Java
2007-10-03 11:11:36 0 d-------- C:\Program Files\DivX
2007-10-03 1149 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-01 16:13:04 0 d-------- C:\Program Files\MSN Messenger
2007-09-06 19:01:43 0 d-------- C:\Program Files\Realtek
2007-09-06 19:01:28 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2007-09-06 19:00:19 0 d-------- C:\Program Files\BitZipper
2007-09-06 12:09:53 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-09-03 16:34:21 0 d-------- C:\Program Files\Gpotato
2007-08-31 18:59:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 18:59:51 0 d-------- C:\Program Files\Telstra
2007-08-29 16:05:02 0 d-------- C:\Program Files\CEDP Stealer
2007-08-29 14:40:30 0 d-------- C:\Program Files\Bazooka Scanner
2007-08-29 14:32:09 0 d-------- C:\Program Files\iPod
2007-08-29 14:26:28 0 d-------- C:\Program Files\Apple Software Update
2007-08-29 14:26:04 0 d-------- C:\Program Files\Common Files\Apple
2007-08-28 18:27:09 0 d-------- C:\Program Files\DIFX
2007-08-18 11:27:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Canon
2007-08-17 17:56:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\ScanSoft
2007-08-17 17:56:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-17 17:56:14 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-17 17:55:41 0 d-------- C:\Program Files\ScanSoft
2007-08-17 17:53:45 0 d-------- C:\Program Files\ArcSoft
2007-08-17 17:52:44 0 d-------- C:\Program Files\Canon
2007-08-17 17:51:08 0 d--h----- C:\Program Files\CanonBJ


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}]
29/01/2005 08:59 PM 74240 --a------ C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}]
03/11/2005 09:46 PM 50688 --a------ C:\WINDOWS\system32\navshext1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9E06A41-2A46-4653-9692-BE26EFE2A018}]
C:\WINDOWS\lbbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/08/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [05/08/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [03/05/2006 02:56 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 04:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 02:51 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [04/04/2003 02:21 AM C:\WINDOWS\ALCXMNTR.EXE]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [07/06/2004 08:44 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [07/06/2004 08:38 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 08:02 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/08/2004 08:34 PM]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [30/07/2004 10:34 AM]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [30/07/2004 10:41 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 08:43 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/12/2004 04:45 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 02:55 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [25/02/2005 04:46 PM]
"SoundMan"="SOUNDMAN.EXE" [06/04/2005 06:57 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [06/04/2005 06:53 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [12/04/2005 01:10 AM C:\WINDOWS\ALCMTR.EXE]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [10/02/2005 10:32 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [28/09/2006 01:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [11/10/2006 12:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/08/2007 08:15 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [29/08/2007 03:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [19/01/2007 12:54 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [12/09/2007 07:33 PM]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MessengerPlusUninstall"=C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\MsgPlusUninst.bat"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [5/03/2005 8:18:22 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [29/05/2004 5:31:38 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [11/08/2004 1:22:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 12:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [19/03/2006 8:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdfpq.exe"
"Userinit"="C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,"

-- End of Deckard's System Scanner: finished at 2007-10-10 09:22:19 ------------

-------------------------------------------------------------------------------------------------

and that's about it, gosh there’s just so much, sorry about that. i've done my best to provide all the information i could and if there is anything else that anyone is requesting, please tell me. much appreciation if someone could donate there time to helping me out ;D

thanks so much !
acareus is offline